Firewall Issues

Your network probably uses firewalls to protect computers on your local network from unauthorized access from outside your network. Network administrators should read this section to learn how to configure Flumotion to run on their network, or how to adapt their network for Flumotion

Port Numbers

As described in the See the Manager Bouncer Configuration section, the workers communicate with their manager on a certain port. By default this port is 7531 for SSL, though this can be changed in the configuration if necessary for your network, or if you are running multiple managers on one machine. See also the Transport Protocols section.

Each worker may also use some (usually a maximum of two) extra feederport ports to exchange actual unencrypted content data between components (after authentication). This range must be specified in the worker's configuration and each worker on the same machine must use a different range of feederport ports.

Clients (viewers or listeners of your content) will also connect to your streaming component (such as a http-streamer component) via a port such as 80, just as they would connect to a traditional HTTP web server such as Apache. Therefore, that worker (containing the streaming component) would typically be outside of your firewall, with the minimum necessary services running.

However, the streamer component must connect to an "upstream" feeding component (such as an encoder or muxer) on another machine. Note that, like all downstream components, the streamer connects to its feeding component, rather than the feeding component connecting to the streaming component. Therefore, the feeding component's port must be open on the firewall. Future versions of Flumotion might simplify firewall administration by allowing the feeding component to connect to the streaming component instead, avoiding the need to open the port in the firewall.

[Note] Note

You will probably want to stream some content on port 80, because that is the default HTTP port used by web browsers, making the URL simpler. But, as with a traditional web server, port numbers under 1024 may only be used by a root process, and you should not run any part of Flumotion as root. But you may stream on another port, such as 8800 (via the porter component, and then redirect to port 80, for instance with iptables.

The porter component thus allows multiple streamer components to serve content on the same port, such as port 80, via different URLs.

For instance, here is an example entry for iptables:

# Add nat section for redirecting port 80 to 8800:
*nat
-I PREROUTING -p tcp --dport 80 -j REDIRECT --to 8800
COMMIT